Auto-Mount Encrypted ZFS Fails, Can I Recover from FreeNas.db and geli.key?

xxsj · Oct 2, 2014

About an hour ago, I swapped my old motherboard for an ASRock c2750d4i. After doing so, and reassembling my case, I booted up FreeNAS and was seeing an error about my ZRAID2 pool being "locked". The only visible drive was my L2ARC SSD.

I followed the suggestion here: https://forums.freenas.org/index.php?threads/wrong-key-for-gptid-failed-to-geli-attach.13574/ but didn't realize the reason it was locked was that I had plugged in the SATA cables to the wrong side of the SCSI adapters in my DS308 case, so none of the HDDs were connected to the Motherboard.

Unfortunately, I forgot my geli passphrase and can't find the note I wrote it on.

The good news is I downloaded the geli key right before dismounting, and I have a <hostname.FreeNas-<version>...db file from about a week ago.

My question is this: If I restore that DB file, will I regain access to my volume since it was mounted at the time of the backup? Failing that, is there a way to brute force the passphrase in combination with my geli key? I'm guessing data recovery on a USB stick is not a real option here...

Thanks for the help!

cyberjock · Oct 2, 2014

Your DB file only provides enough information for the zpool import command. But before that command can do its job it must be unlocked... with your key and passphrase.

I am not aware of any tools for brute forcing the passphrase. That's going to be something for the FreeBSD forum. Do note that they are certainly going to require you to know where the geli container is and such, so you're going to need to read the FreeNAS code to determine where your data is.

Unfortunately, based on your post it looks like your problem have only begun and you are already drowning. :(

Good luck!

xxsj · Oct 2, 2014

cyberjock said:
Your DB file only provides enough information for the zpool import command. But before that command can do its job it must be unlocked... with your key and passphrase.

I am not aware of any tools for brute forcing the passphrase. That's going to be something for the FreeBSD forum. Do note that they are certainly going to require you to know where the geli container is and such, so you're going to need to read the FreeNAS code to determine where your data is.

Unfortunately, based on your post it looks like your problem have only begun and you are already drowning. :(

Good luck!

Thanks for the quick reply.

The reason I couldn't remember my password is because, apparently, I left it blank during setup. (I didn't realize that was an option).

Now I'm on to the next issue: Two of my drives are not being detected post-motherboard upgrade (facepalm)

SweetAndLow · Oct 2, 2014

Ha! Blank password for encrypted drives. You sir have just added lots of complexity and zero security. You might want to rethink some of your decisions.

xxsj · Oct 6, 2014

SweetAndLow said:
Ha! Blank password for encrypted drives. You sir have just added lots of complexity and zero security. You might want to rethink some of your decisions.

Well it wasn't intentional, I can tell you that! That said, doesn't a GELI key provide some sort of encryption?

I don't care about the data while it's on my systems. It's mostly that I don't want to have to worry about wiping a drive after it's removed from the RAID, for example if it fails or I resell it

Important Announcement for the TrueNAS Community.

Auto-Mount Encrypted ZFS Fails, Can I Recover from FreeNas.db and geli.key?

xxsj

Dabbler

cyberjock

Inactive Account

xxsj

Dabbler

SweetAndLow

Sweet'NASty

xxsj

Dabbler

Similar threads